On 8/5/06, Steve Swift <steve.j.swift@xxxxxxxxx> wrote:
I'm using Apache 2.0.46 and I want to password protect all of the subdirectories below cgi-bin. This is easy, with:
Very old version. You should upgrade.
<DirectoryMatch /var/www/cgi-bin/.*/> Require valid-user </DirectoryMatch> This works fine, you need a userid, any userid, to get into the subdirectories. Now, I'd like to be more selective about who gets into the /admin subdirectory, so I add: <Directory /var/www/cgi-bin/admin> Require user Swifty </Directory> This second step had no effect. I could still fetch pages from /var/www/cgi-bin/admin with any valid user.
You need to read: http://httpd.apache.org/docs/2.2/sections.html You'll find that <Directory> automatically protects subdirectories, so you don't need that <DirectoryMatch> complication. You'll also find that the order of processing is important. Replacing the <DirectoryMatch> with <Directory> will probably fix your main problem as well, since it will cause the second Require directive to be processed last, overriding the first one, rather than vis-versa. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx